All the talk about lost data, e-mail scams, computer viruses and stolen identities can be overwhelming enough to turn a small business owner into the proverbial ostrich, head planted firmly in sand.
But small-budget small businesses are held just as legally accountable as the big-budget enterprises when it comes to customer data loss and identity theft, so paralysis is not an option.
1. Keep Security Applications Current
It seems like fairly obvious advice, but too many people let their anti-virus, anti-spam and firewall software licenses lapse. "You'd be surprised at how many people don't renew their security apps," said Clay. "Your security is only as good as the latest update. If the software isn't up-to-date, it can't work properly, and your business is vulnerable to attack."
2. Use Business-Grade Applications
If your business employs one or more people, Clay recommends using security software designed for small business, not consumer-based products. Consumer products are fine for individuals, but Clay said companies with multiple employees need software that lets you manage the settings on their computers.
"Your employees may not know how to use the software properly," said Clay. "Establish the company-wide security policies that you want, and then lock the options. Employees may deliberately or accidentally turn off the software, change the scanning settings or turn off the action you need to take upon finding a threat, such as deleting or quarantining it."
Using managed security applications lets you secure the digital entries and exits to and from your business. You'll ensure that all files are scanned for threats and any Web sites you want to block are filtered out.
3. Teach Good Browsing Habits
Clay said most security threats come from spam and malicious Web sites. "The Web is much more integrated into the workday," he said. "The potential for malicious code to be dropped into your PC while browsing exists more now than in the past, so you need to educate yourself and your employees to avoid the traps."
Phishing is a prime example: you receive an e-mail that looks as though it's from a legitimate site, typically a banking institution or perhaps PayPal or eBay. They tell you they need to update your account information, and ask you to click on a link and provide your information.
Clicking on the link downloads malicious code to your PC. This includes keyloggers that record every key you type or a small application that gives control of your PC to a hacker or that steals your personal information. The kicker is you won't even know it's happening.
The sites to avoid may seem obvious, such as pornography and gambling, but others might surprise you. "As more companies engage in marketing on social networking sites, popular destinations like MySpace and Facebook become more likely places to pick up malicious code through clicking on links or downloading files," said Clay.
4. Establish Sensitive Data Policies
While the term "sensitive data" varies from one company to the next, Clay said it's important to have a policy in place regarding how employees handle it. For example, if you have a database of customers, complete with credit card numbers, addresses and other personal information, keeping that database on a notebook or other mobile device, especially one that isn't encrypted, is a disaster waiting to happen.
"Hackers are also now going after the identities and personal information of company employees," said Clay. "It's important to have both policies and security measures in place in the event of theft or loss."
5. Protect Your Legal Liability
Following security best practices is one of the best ways to protect your company from legal liability issues. Trend Micro attributes the following statistic to the National Federation of Small Businesses (NFIB):
More than one-in-four small business owners will be involved with a customer in a legal dispute over lost data. The associated median legal cost is $5,000 and can cost as much as $25,00.
In addition to steps one through four, Clay recommends implementing an e-discovery solution. In a legal dispute, companies, even small businesses, must be able to produce every e-mail that pertains to the case, as outlined in the Federal Rules of Civil Procedure.
An e-discovery solution makes archiving and rapid e-mail identification and retrieval possible. And, as Clay pointed out, 85 percent of a company's intellectual property resides in its e-mail.
Securing your company and customer data is paramount; it's a must-do, not a nice-to-have. The major players in the security industry all offer small business solutions, and if you need assistance in finding the right fit for your company, a good, local reseller (VAR) can guide you through the process.
Lauren Simonds is the managing editor of SmallBusinessComputing.com